I love mitmproxy. It's been consistently part of my toolbelt for nearly a decade, it's stable, and still has plenty of new features that I can use if I need them, but it still works the same for its core use case as it did ten years ago.
mitmproxy is great for web dev because you can map any url to any other url transparently. for instance you can test prod front end on your localhost dev backend and vice versa.
If you've got root on the client, certificate pinning can be disabled ;) Usually it boils down to patching whatever method or system call the library in question is using to pin the HTTPS request, e.g. on iOS jailbreaks there's a tweak called "SSL Kill Switch" which hooks the native HTTP client to remove cert pinning. On a CI machine or desktop, you can probably do something similar with LD_PRELOAD trickery.
edit: Yeah, I found this library [0] that does it (actually disables validation entirely) with LD_PRELOAD and works with openssl, but no commits since 2018 so might not work. Also I'm pretty sure proxychains uses LD_PRELOAD and it might include some option to disable pinning, idk.
Yes, it looks like whatever they used for testing HTTP/3 took just as long. If you're taking that as a conclusion of the relative performance between HTTP/1.1 and HTTP/3, don't. There's nothing there that suggest it's a benchmark.
